32 articles tagged with "Ai Security"
CVE-2026-39888 bypasses PraisonAI's Python sandbox via exception frame traversal. Attackers chain __traceback__ attributes to reach exec(). Patch to 1.5.115.
Project Glasswing partners Amazon, Microsoft, Cisco to hunt zero-days with an AI model too dangerous for public release. Thousands of flaws already found.
Critical code injection vulnerability CVE-2025-59528 in Flowise AI agent builder scores maximum CVSS 10.0 and is under active exploitation. Over 12,000 instances are publicly accessible.
CVE-2026-34938 lets attackers escape PraisonAI's three-layer Python sandbox to execute arbitrary OS commands. CVSS 10 — patch to version 1.5.90 immediately.
Unit 42 exposes how excessive default permissions in Google Cloud's Vertex AI let attackers weaponize AI agents to steal data from customer environments.
Check Point Research disclosed a ChatGPT vulnerability that abused DNS tunneling to silently steal conversation data. OpenAI patched the flaw on February 20, 2026.
Three vulnerabilities in LangChain and LangGraph expose filesystems, environment secrets, and conversation histories. CVE-2026-34070 enables path traversal. Patches available now.
CVE-2026-33017 (CVSS 9.3) lets attackers execute arbitrary Python code on Langflow AI pipelines without authentication. Exploitation began before any PoC existed.
LayerX researchers found that custom font rendering can hide malicious prompts from ChatGPT, Claude, Gemini, and other AI assistants while displaying them to users.
Autonomous AI agents expand attack surfaces faster than defenders can adapt. The economics make adoption inevitable—here's how security teams are responding.
Critical command injection and SQL bypass vulnerabilities in Tencent's WeKnora LLM framework allow unauthenticated RCE. Patch to versions 0.2.10 and 0.2.12 now.
Check Point found CVE-2025-59536 and CVE-2026-21852 in Anthropic's Claude Code. Opening a cloned repo could execute code and leak API credentials.
Microsoft confirms Copilot bug bypassed DLP policies, reading confidential emails without authorization. European Parliament blocked Copilot over concerns.
Anthropic alleges DeepSeek, Moonshot AI, and MiniMax used 24,000 fake accounts to extract Claude capabilities through 16 million distillation queries.
WormGPT database allegedly leaked on dark web forums, exposing emails, payment data, and subscription details of cybercriminals using the service.
CVE-2026-26030 in Microsoft's Semantic Kernel Python SDK enables unauthenticated RCE through InMemoryVectorStore. Upgrade to 1.39.4 immediately.
Cisco's State of AI Security 2026 report reveals a dangerous gap between agentic AI adoption ambitions and enterprise security readiness. Here's what the threat landscape looks like.
Cisco AI Defense research finds OpenAI's safeguard models perform worse than standard versions under sustained attack. Multi-turn jailbreaks spike success rates up to 92%.
Wiz researchers found Moltbook's Supabase database exposed without authentication, leaking 1.5M API tokens, private messages, and plaintext OpenAI keys.
Hudson Rock detects Vidar infostealer exfiltrating OpenClaw AI agent files for the first time. Stolen configs include gateway tokens and cryptographic keys.
Learn how to detect deepfakes with visual clues, audio patterns, and authentication methods. Covers detection signs, AI tools, and practical defense strategies.
CVE-2026-22778 chains a heap leak and buffer overflow in vLLM's video processing to achieve full RCE on AI inference servers. Patch to 0.14.1 now.
Cisco helps build AIUC-1, the first AI agent security standard, mapping its AI Security Framework to testable controls for prompt injection, jailbreaks, and more.
Cisco's second AI Summit unveiled AI Defense, AgenticOps, and Silicon One P200. Here's what security teams need to know about agentic AI governance.
Cisco Talos sounds the alarm on AI tools that demand root access and store credentials in plaintext, calling the current adoption frenzy a security crisis.
New taxonomy from Cisco's CISO and security leadership defines five AI security domains and the organizational functions needed to secure enterprise AI systems.
SANS ISC detects reconnaissance activity targeting locally hosted Claude API endpoints. Researchers warn of growing risk from misconfigured AI deployments.
CVE-2025-15467 allows attackers to crash or compromise systems by sending malicious CMS messages. All AI-discovered in OpenSSL's largest coordinated security release.
Varonis researchers disclosed a vulnerability chain that let attackers exfiltrate user data through Copilot with a single malicious link click. Microsoft has patched the issue.
GreyNoise honeypot data reveals coordinated reconnaissance of LLM infrastructure including OpenAI, Claude, and Ollama deployments over 11 days.
Company admits ChatGPT Atlas remains vulnerable to attacks that hijack AI agents through malicious web content. New defenses deployed, but fundamental risk persists.
CVE-2025-68664 scores CVSS 9.3 and enables secret extraction and prompt injection in LangChain Core. Patch immediately if you're running AI agents.